Is Harold Martin behind Shadow Brokers ?

Posted by Matt Suiche | Published on October 5, 2016

Categories: malware

Tags: theshadowbrokers
Reading time: 2 minutes.

Table Of Contents:

The New York Times just released an articleon the arrest of Harold T. Martin arrestand his criminal complaint is dated of 29th August 2016.

I also strongly recommend to the readers, to read again my blogpost from the 17 August 2016 on the Insider Theory at https://medium.com/@msuiche/shadowbrokers-the-insider-theory-ded733b39a55

What we do know are:

This confirms the existence of at least one second Snowden-like insider within the NSA.
In this case, Harold Martin did not fit any of the usual profile of an “insider threat”.
“Mr. Martin is suspected of taking the highly classified “source code” developed by the agency to break into computer systems of adversaries like Russia, China, Iran and North Korea.” — which sounds a lot like the NSA TAO Toolkit sounds partly released by Shadow Brokers in August.
Based on the above point, this would mean the relationship with Shadow Brokers is most likely gonna be reviewed by security experts and investigators.
Edward Snowden words can’t always be taken for a fact if that’s the case here. As he accused Russia of being behind Shadow Brokers like the dominant mainstream opinion was spending all over.
Attribution is HARD and can be FAKED— but accusing nation states makes better headlines, especially since it resulted in a massive M&A for Mandiant because of APT1.
On my blogpost of the 17 August 2016 — two weeks before the criminal complaint against Harold T Martin — I firstly exposed the insider theory on Shadow Brokers and why it should not be dismissed because of multiple points. This recent news will force the public to revise their dominant decision on the origin of the Shadow Brokers files.
Harold Martin was still a Booz Allen Hamilton employee until the 27 August 2016. This confirms the presence of a post-Snowden insider within the NSA.

What we do not know yet :

If Harold Martin was still actually a Booz Allen Hamilton employee in 2016. EDIT: According to SEC documents, BAH fired Harold Martin only after the 27 August 2016 raid by the FBI. “ When Booz Allen learned of the arrest of one of its employees by the FBI, we immediately reached out to the authorities to offer our total cooperation in their investigation, and we fired the employee.”. This means the NSA/BAH definitely had an insider post-Snowden era.
The motives of Harold Martin — the article mentions Harold Martin is 51, could he have been annoyed at his employer for pushing him out of certain roles/positions due to his age/physical conditions ?
What evidences cyber security companies who are accusing Russia to be behind the recenty different cyber attacks have.

Matt Suiche is the Founder of UAE based cyber security start up Comae Technologies

BlackHat 2017: The Shadow Brokers — Cyber Fear Game Changers

July 27, 2017 | theshadowbrokers blackhat | Matt Suiche

Cyber Fear As a Service

July 8, 2017 | theshadowbrokers ethereum | Matt Suiche

Blockchain Security & Cyber Fear Game-Changers

April 20, 2017 | theshadowbrokers | Matt Suiche

On 14 April, the mysterious group ShadowBrokers released an archive containing several exploits, tools and operational notes on one of the…